The NFVI is shared between multiple entities, referred to as tenants of the NFVI. A fundamental aspect of the design is ensuring that multiple tenants remain logically isolated from each other, although the physical and virtual layers they use may be shared.
The design principles for multitenancy are:
An NFVI tenant cannot interfere with the operations of another tenant, nor can one VNF interfere with another.
Fair resource sharing must take place. When the system has available resources, and tenants require these resources, they are split appropriately among the tenants.
One tenant network must be isolated from another. A tenant choice of IP allocation, default gateway, and routing, cannot interfere with another tenant. In fact, another tenant may use the same networking information. Network access from one tenant to another must follow the trusted networking and security policy of the CSP
A tenant must be proactively monitored to ensure health and efficiency to deliver optimal service quality.
The design principles allow multiple tenants to share resources on the operator's network, and to maintain a great deal of control and self-management. Tenants can use overlapping IP addressing and, together with the use of resource policies, the CSP can ensure that the amount of resources required by the tenant is controlled. The tenant based architecture together with a well-defined process for VNF onboarding and VNF resource allocation, means that a CSP can offer service-level agreements (SLAs) with which high quality, mission critical services, can be created. With the integrated operational management principles, SLAs can also be monitored and ensured.